Research
The short story about Clubhouse user scraping and social graphs
TL;DR During this RedTeam testing, we used Clubhouse as a social engineering tool to find out more about our client's employees. UPDATE: While we were preparing this article for publication, ...
r00kie-kr00kie. Exploring the kr00k attack
TL;DR We created and published a PoC exploit of the kr00k attack (CVE-2019-15126): https://github.com/hexway/r00kie-kr00kie All technical details can be found in the Process section. INTRODUCTION AND MOTIVATION In February 2020, ...
Piercing the Shield. Breaking the FunctionShield cloud security library
TL;DR We've found a vulnerability in FunctionShield, a cloud security library, that allows bypassing its tightest restrictions completely. All technical details can be found in the "Process" section. Cloud computing ...
Blog
CYBERSECURITY NEWS V. November – Apple vs NSO Group, 45M VPN users’ data leakage, Panasonic Data Breach
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI Apple vs NSO Group Apple sues NSO Group over ...
CYBERSECURITY NEWS V. October – Global crash of Facebook, Leaked Twitch source code, Acer hacked
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI Global crash of Facebook, Instagram, and WhatsApp On October ...
NEW UPDATE. HIVE. VERSION 0.30.1
Hey, hexwayers! We are happy to have all of you here. So, let's take a short tour around our new update. We’ve added Nuclei and Amass scanners integration. Yay! What’s ...
Try Hexway online
